I think I’ve found a solution: around line 121 in the key_giveaway.php file, there’s a line to check whether the current user has the rights to edit posts:
if( !current_user_can( 'edit_post') ) return;
I guess that used to work in WordPress, but with the latest patch, it’s enforcing the correct form for this call:
if (!current_user_can( 'edit_post', $post_id) ) return;
By including the $post_id, WordPress can check whether the user is authorized to edit _this_ post, as intended. With that change, this venerable mod went right back to working for us — I hope it works for you as well!